Every CVE whose affected-product data names Hcltech Traveler, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2022-27561 — CVSS 7.5 (high): There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf).
CVE-2019-4409 — CVSS 5.4 (medium): HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet…
CVE-2021-27778 — CVSS 4.9 (medium): HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in…
CVE-2025-0278 — CVSS 4.3 (medium): HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file…
CVE-2025-0279 — CVSS 4.3 (medium): HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names…
CVE-2026-21783 — CVSS 4.3 (medium): HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed…